On Mon, Dec 30, 2024 at 05:18:31PM +0000, Andrei Enache wrote: > This patch enables use of non-executable memfds for bpf maps. [1] > As this is a recent kernel feature, the code checks at runtime to make sure it is available. > --- > Changes in v3: > - Check return value before checking errno > - Update newline style > - Link to v2: https://lore.kernel.org/bpf/Z3LHcCgqY7kHs08S@krava/T/ > > [1] https://lwn.net/Articles/918106/ > > Signed-off-by: Andrei Enache <andreien@xxxxxxxxx> > --- > tools/lib/bpf/libbpf.c | 13 ++++++++++++- > 1 file changed, 12 insertions(+), 1 deletion(-) > > diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c > index 66173ddb5..3a30c094d 100644 > --- a/tools/lib/bpf/libbpf.c > +++ b/tools/lib/bpf/libbpf.c > @@ -1732,11 +1732,22 @@ static int sys_memfd_create(const char *name, unsigned flags) > #define MFD_CLOEXEC 0x0001U > #endif > > +#ifndef MFD_NOEXEC_SEAL > +#define MFD_NOEXEC_SEAL 0x0008U > +#endif > + > static int create_placeholder_fd(void) > { > int fd; > + int memfd; > + > + memfd = sys_memfd_create("libbpf-placeholder-fd", MFD_CLOEXEC); > + > + /* MFD_NOEXEC_SEAL is missing from older kernels */ > + if (memfd < 0 && errno == EINVAL) > + memfd = sys_memfd_create("libbpf-placeholder-fd", MFD_CLOEXEC | MFD_NOEXEC_SEAL); hum, you need to try 'MFD_CLOEXEC | MFD_NOEXEC_SEAL' first, right? jirka > > - fd = ensure_good_fd(sys_memfd_create("libbpf-placeholder-fd", MFD_CLOEXEC)); > + fd = ensure_good_fd(memfd); > if (fd < 0) > return -errno; > return fd; > -- > 2.47.1
